<?php
require_once('../includes/init.php');
if (isset($_SESSION['userid'])&&($member1['permission']=="1"||$member1['permission']=="2")) : ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="content-type" content="text/html;charset=UTF-8"/>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="description"  content=""/>
<meta name="keywords" content=""/>
<meta name="robots" content="ALL,FOLLOW"/>
<meta name="Author" content="AIT"/>
<meta http-equiv="imagetoolbar" content="no"/>
<title>Admin Control Panel</title>

<link rel="stylesheet" href="admincp/css/reset.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/screen.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/fancybox.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/jquery.wysiwyg.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/jquery.ui.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/visualize.css" type="text/css"/>
<link rel="stylesheet" href="admincp/css/visualize-light.css" type="text/css"/>
<!--[if IE 7]>
	<link rel="stylesheet" type="text/css" href="css/ie7.css" />
<![endif]-->	

<script type="text/javascript" src="admincp/js/jquery.js"></script>
<script type="text/javascript" src="admincp/js/jquery.visualize.js"></script>
<script type="text/javascript" src="admincp/js/jquery.wysiwyg.js"></script>
<script type="text/javascript" src="admincp/js/tiny_mce/jquery.tinymce.js"></script>
<script type="text/javascript" src="admincp/js/jquery.fancybox.js"></script>
<script type="text/javascript" src="admincp/js/jquery.idtabs.js"></script>
<script type="text/javascript" src="admincp/js/jquery.jeditable.js"></script>
<script type="text/javascript" src="admincp/js/jquery.ui.js"></script>

<script type="text/javascript" src="admincp/js/excanvas.js"></script>
<script type="text/javascript" src="admincp/js/cufon.js"></script>
<script type="text/javascript" src="admincp/js/Geometr231_Hv_BT_400.font.js"></script>
<script type="text/javascript" src="admincp/js/script.js"></script>
<script>
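/**
 * Ask for confirmation, tick the delete checkbox of row `ID` and submit the
 * list form (#formID).
 *
 * The whole form is submitted, so any other row whose "XoaDuLieu[]" box is
 * already ticked is sent for deletion as well.
 * The confirm() dialog is only a client-side convenience; the server-side
 * handler must not treat it as an authorization or anti-CSRF control.
 *
 * @param {number|string} ID row id; the checkbox is looked up as "Xoa" + ID
 */
function Delete(ID){
    if (!confirm('Bạn có chắc muốn xóa bản ghi đã chọn?')) {
        return;
    }
    var box = document.getElementById("Xoa" + ID);
    if (!box) {
        // Never submit without the intended row selected: the form would
        // otherwise carry only whatever other boxes happen to be ticked.
        return;
    }
    // Set the property, not the attribute: setAttribute('checked') does not
    // re-check a box the user has already toggled by hand.
    box.checked = true;
    document.getElementById("formID").submit();
}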
</script>
</head>

<body>
<div class="clear">
<div class="main"> <!-- *** mainpage layout *** -->
	<div class="main-wrap">
	 	<div class="page clear">
<script>
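     /**
      * Copy the state of the master checkbox `bx` onto every element of the
      * array-like `checkname`.
      */
     function checkAll(checkname, bx) {
        // `var` keeps the counter local; the original assigned to an
        // undeclared `i`, leaking a global (and throwing in strict mode).
        for (var i = checkname.length; i--; )
            checkname[i].checked = bx.checked;
    }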
    /**
     * Mirror the state of the master checkbox `bx` onto every checkbox input
     * found inside any <table> of the document.
     */
    function checkPage(bx){
        var tables = document.getElementsByTagName("table");
        for (var t = tables.length - 1; t >= 0; t--) {
            var inputs = tables[t].getElementsByTagName("input");
            for (var k = inputs.length - 1; k >= 0; k--) {
                if (inputs[k].type == "checkbox") {
                    inputs[k].checked = bx.checked;
                }
            }
        }
    }
</script>
 
<?php
// Per-request values shared by the admin actions further down.
// date() receives the timestamp as its *format* argument; digits are not
// format characters, so the result is the current Unix timestamp as a string.
$CurentTime = date(time());
$NguoiGui = $_SESSION['userid'];
$site = $link; // $link is not assigned anywhere in this block
require_once '../includes/chuyendau.php';

// Opening halves of the notification boxes. Callers append the message text
// and then $end_tag_sucsess, which closes both the success and the error box.
$tag_sucsess = '<div class="notification note-success" style="margin: 5px;">
				<a href="#" class="close" title="Đóng thông báo"><span>close</span></a>
				<span class="icon"></span>
				<p><strong>Cập nhập: </strong>';

$tag_error = '<div class="notification note-error" style="margin: 5px;">
				<a href="#" class="close" title="Đóng thông báo"><span>close</span></a>
				<span class="icon"></span>
				<p><strong>Lỗi: </strong>';

$end_tag_sucsess = '</p>
			</div>';
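/**
 * Delete the rows ticked in the submitted list form.
 *
 * Reads the ids from $_POST["XoaDuLieu"], issues one DELETE per id and then
 * prints the success notification. Query results are not inspected, so the
 * notification is printed whether or not any row was removed.
 *
 * Security notes:
 *  - The ids are request data and were previously interpolated into the SQL
 *    unescaped (SQL injection). They are now escaped with
 *    mysql_real_escape_string(), the escaping function that belongs to the
 *    mysql_* API this file uses. Prepared statements (mysqli/PDO) would be
 *    preferable but need the connection code, which is outside this function.
 *  - $Table and $Where are interpolated as identifiers and cannot be escaped
 *    as values; they must only ever be hard-coded by the caller.
 *  - NOTE(review): nothing here verifies an anti-CSRF token, so a forged POST
 *    from another site in an admin's browser reaches this DELETE — confirm
 *    whether includes/init.php enforces one.
 *
 * @param string $Table table name (trusted, hard-coded by callers)
 * @param string $Where key column name (trusted, hard-coded by callers)
 */
function XoaDuLieu($Table,$Where){
    global $tag_sucsess,$end_tag_sucsess;

    // Accept a single value or a list; a missing field means nothing to delete.
    $ids = isset($_POST["XoaDuLieu"]) ? (array) $_POST["XoaDuLieu"] : array();
    foreach ($ids as $id) {
        if (!is_scalar($id)) {
            // Nested arrays (XoaDuLieu[0][]=…) are never produced by the form.
            continue;
        }
        $safeId = mysql_real_escape_string((string) $id);
        @mysql_query("DELETE FROM $Table where $Where = '$safeId'");
    }

    echo $tag_sucsess.'Xóa Thành công !'.$end_tag_sucsess;
}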
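/**
 * Persist the sort order submitted by a list form.
 *
 * $_POST['LuuSapXep'] maps row id => sort value; one UPDATE is issued per
 * entry and the success notification is printed afterwards. Query results
 * are not inspected.
 *
 * Security notes:
 *  - Both the array keys and the values are request data and were previously
 *    interpolated into the SQL unescaped (SQL injection); both are now passed
 *    through mysql_real_escape_string().
 *  - $Table and $Where are interpolated as identifiers; callers must pass
 *    hard-coded names only.
 *  - NOTE(review): no anti-CSRF token is checked here — confirm whether
 *    includes/init.php enforces one.
 *
 * @param string $Table table name (trusted, hard-coded by callers)
 * @param string $Where key column name (trusted, hard-coded by callers)
 */
function LuuSapXep($Table,$Where){
    global $tag_sucsess,$end_tag_sucsess;

    $SapXep = isset($_POST['LuuSapXep']) ? (array) $_POST['LuuSapXep'] : array();
    foreach ($SapXep as $key => $n) {
        if (!is_scalar($n)) {
            continue;
        }
        $safeOrder = mysql_real_escape_string((string) $n);
        $safeKey = mysql_real_escape_string((string) $key);
        @mysql_query("UPDATE $Table SET SapXep='".$safeOrder."' WHERE $Where = '".$safeKey."'");
    }

    echo $tag_sucsess.'Sắp xếp Thành công !'.$end_tag_sucsess;
}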
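  // Handle an optional image upload (form field "file_up").
// On success the file is stored under ../upload/images/ with a server-chosen
// name and $linkLoGo is set to its site-relative path; on rejection an error
// notification is printed and $linkLoGo is left untouched.
//
// What changed compared with the previous version, and why:
//  - The extension deny-list was matched against tmp_name (PHP's temporary
//    path), so it could never match. It now looks at the client file name.
//  - The stored extension is derived only from what getimagesize() detects;
//    $_FILES[...]['type'] is sent by the client and proves nothing.
//  - The deny-list loop ran the move once per list entry; it now runs once.
//  - The file name was md5() of the current second, so two uploads in the
//    same second collided and the second one was silently dropped.
//  - $linkLoGo is only set when move_uploaded_file() actually succeeded.
//
// getimagesize() inspects the image header only; a file can still carry
// arbitrary trailing bytes. The real safeguard is that the stored name and
// extension are chosen here, never taken from the client.
// NOTE(review): the web server should also be configured not to execute
// scripts from upload/images/ — that setting is outside this file.
if (isset($_FILES['file_up']) && $_FILES['file_up']['size'] > 0) {
    $thongBaoSaiDinhDang = ''.$tag_error.'File Ảnh của Bạn không đúng định dạng cho phép. Bạn vui lòng chọn Ảnh khác !'.$end_tag_sucsess.'';
    $dinhDangChoPhep = array(
        'image/gif'  => '.gif',
        'image/jpeg' => '.jpg',
        'image/png'  => '.png',
    );
    $blacklist = array("php", "phtml", "php3", "php4");
    $kieuClient = is_string($_FILES["file_up"]["type"]) ? $_FILES["file_up"]["type"] : '';

    if ($_FILES['file_up']['size'] > 5000000) {
        echo ''.$tag_error.'File Ảnh của Em đã vượt quá dung lượng cho phép là 5MB. Em vui lòng chọn Ảnh khác !'.$end_tag_sucsess.'';
    } elseif (!isset($dinhDangChoPhep[$kieuClient])) {
        echo $thongBaoSaiDinhDang;
    } else {
        $imageinfo = getimagesize($_FILES['file_up']['tmp_name']);
        $kieuThuc = (is_array($imageinfo) && isset($imageinfo['mime'])) ? $imageinfo['mime'] : '';
        $duoiClient = strtolower(pathinfo((string) $_FILES['file_up']['name'], PATHINFO_EXTENSION));

        if (!isset($dinhDangChoPhep[$kieuThuc])
            || in_array($duoiClient, $blacklist, true)
            || $_FILES["file_up"]["error"] > 0
        ) {
            echo $thongBaoSaiDinhDang;
        } else {
            // Random-looking name for uniqueness only; it is not a secret.
            $Name = md5(uniqid(mt_rand(), true));
            $TenFile = $Name.$dinhDangChoPhep[$kieuThuc];
            $dich = "../upload/images/" . $TenFile;
            if (!file_exists($dich)
                && move_uploaded_file($_FILES["file_up"]["tmp_name"], $dich)
            ) {
                $linkLoGo = "upload/images/" . $TenFile;
            }
        }
    }
}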


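// Action "TaoDVLienKet": render the create / edit form for one row of the
// `client` table. The form posts to action=QuanLyDVLienKet, which saves it.
//
// MaDVLienKet comes straight from the query string. It was concatenated into
// the SELECT (SQL injection) and echoed into an attribute (reflected XSS);
// it is now escaped for each context. Values read back from the database are
// HTML-escaped too, since they were originally supplied through a form.
if (isset($_GET['action']) && $_GET['action'] === 'TaoDVLienKet') {
    $dangSua = isset($_GET['MaDVLienKet']);
    $maDVLienKet = ($dangSua && is_scalar($_GET['MaDVLienKet'])) ? (string) $_GET['MaDVLienKet'] : '';
    $title = $dangSua ? 'Sửa đơn vị liên kết' : 'Tạo đơn vị liên kết mới';

    echo '<div class="content-box">
				<div class="box-header clear">
					<h2>'.$title.':</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms">
					<form name="form1" action="QuanLy.php?action=QuanLyDVLienKet" method="post" enctype="multipart/form-data"><table>';

    $sql = @mysql_query("select * from client where ID = '".mysql_real_escape_string($maDVLienKet)."'");
    $rows = @mysql_fetch_array($sql);

    // A new record defaults to "active"; an existing one shows its stored state.
    if (!$dangSua || (is_array($rows) && $rows['TrangThai'] == "1")) {
        $checked = 'checked="checked"';
    } else {
        $checked = '';
    }

    $maHtml = htmlspecialchars($maDVLienKet, ENT_QUOTES, 'UTF-8');
    $logoHtml = htmlspecialchars(is_array($rows) ? (string) $rows['LoGo'] : '', ENT_QUOTES, 'UTF-8');
    $linkHtml = htmlspecialchars(is_array($rows) ? (string) $rows['Link'] : '', ENT_QUOTES, 'UTF-8');

    echo '<input type="text" name="ID" style="display: none;" value="'.$maHtml.'" />
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>LoGo:</b></label>
								<input type="file" name="file_up" style="width: 422px;" class="form-file fl"/><input name="LoGO" type="text" style="width: 250px;display:none" value="'.$logoHtml.'" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Link:</b></label>
								<input class="text" style="width: 200px;" type="text" name="Link" value="'.$linkHtml.'" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Kích Hoạt:</b></label>
								<input name="KichHoat[]" type="checkbox" '.$checked.' value="1" />
							</div><!-- /.form-field -->
<div class="form-field clear" align="left" style="float: left;padding-left: 110px;padding-top: 10px;">
								<input class="submit fr" value="Lưu lại"  type="submit"/>
							</div><!-- /.form-field -->																								
						</form>
					</div><!-- /#forms -->
					
				</div> <!-- end of box-body -->
			</div>';
}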
 
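// Action "QuanLyDVLienKet": save a submitted partner-unit form, apply bulk
// delete / sort-order changes, then list every row of `client`.
//
// Security changes in this block:
//  - LoGO, KichHoat and ID went into the SQL unescaped, and Link only through
//    addslashes(), which is not charset-aware. All values are now escaped with
//    mysql_real_escape_string() (the checkbox is reduced to '1' or '').
//  - Database values are HTML-escaped before being written into the table,
//    including the id passed to the inline Delete(...) handler.
// NOTE(review): no anti-CSRF token is checked before the INSERT/UPDATE —
// confirm whether includes/init.php enforces one.
if (isset($_GET['action']) && $_GET['action'] === 'QuanLyDVLienKet') {
    if (!empty($_POST['Link']) && is_string($_POST['Link'])) {
        $Link = mysql_real_escape_string($_POST["Link"]);
        $check = isset($_POST['KichHoat']) ? $_POST['KichHoat'] : null;
        // The form's checkbox can only send "1"; anything else is stored as ''.
        $trangThai = (isset($check[0]) && $check[0] === '1') ? '1' : '';

        if (!isset($_FILES['file_up']) || $_FILES['file_up']['size'] == 0) {
            // No new upload: keep the path carried in the hidden LoGO field.
            // That field is client-controlled, so it is escaped here and again
            // when it is rendered as an <img src>.
            $linkLoGo = (isset($_POST["LoGO"]) && is_scalar($_POST["LoGO"])) ? (string) $_POST["LoGO"] : '';
        }
        $logoSql = mysql_real_escape_string(isset($linkLoGo) ? (string) $linkLoGo : '');

        if (!empty($_POST['ChuyenMuc'])) {
            @mysql_query("INSERT INTO client(Link) VALUES('$Link')");
        } elseif (isset($_POST['ID']) && is_scalar($_POST['ID']) && $_POST['ID'] != "") {
            $idSql = mysql_real_escape_string((string) $_POST['ID']);
            @mysql_query("UPDATE client SET LoGo='$logoSql', Link='$Link', TrangThai='$trangThai' WHERE ID = '$idSql'");
            echo ''.$tag_sucsess.'Sửa đơn vị liên kết thành công !'.$end_tag_sucsess.'';
        } else {
            @mysql_query("INSERT INTO  client(LoGo, Link, TrangThai) VALUES('$logoSql', '$Link', '$trangThai')");
            echo ''.$tag_sucsess.'Tạo đơn vị liên kết thành công !'.$end_tag_sucsess.'';
        }
    }

    if (isset($_POST['XoaDuLieu'])) {
        XoaDuLieu("client","ID");
    }
    // Sort order is only saved when no row was ticked for deletion.
    if (isset($_POST['LuuSapXep']) && (!isset($_POST['XoaDuLieu']) || $_POST['XoaDuLieu'] == "")) {
        LuuSapXep("client","ID");
    }

    $sql = @mysql_query("select * from client order by SapXep asc, ID asc");
    echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ đơn vị liên kết</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID"> 
<table>
  <thead>
   <tr>
<th><input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>LoGo</th>
<th>Link</th>
<th>Sắp xếp</th>
<th>Trạng thái</th>
<th style="width:20px">Sửa</th>
<th style="width:20px">Xóa</th>
 
</tr>
  </thead>
 <tbody>';

    // Defined before the loop so the button below still gets its handler when
    // the table is empty.
    $confirm = "return confirm('Bạn chắc chắn muốn xóa những đơn vị liên kết đã chọn này?')";

    while ($rows = @mysql_fetch_array($sql)) {
        if ($rows['TrangThai'] == "1") {
            $TrangThai = '<b style="color:blue">Đã Kích Hoạt</b>';
        } else {
            $TrangThai = '<b style="color:red">Chưa Kích Hoạt</b>';
        }

        // $url is not used by the row markup below; it is still computed in
        // case later code reads it. preg_replace() replaces the deprecated
        // ereg_replace() with the same POSIX character class.
        $url = stripUnicode($rows['Link']);
        $url = preg_replace('/[[:space:]]+/', '-', trim($url));

        $idHtml = htmlspecialchars((string) $rows['ID'], ENT_QUOTES, 'UTF-8');
        $idUrl = rawurlencode((string) $rows['ID']);
        // JSON-encode for the JavaScript context, then escape for the attribute.
        $idJs = htmlspecialchars(json_encode((string) $rows['ID']), ENT_QUOTES, 'UTF-8');
        $logoHtml = htmlspecialchars($link.$rows['LoGo'], ENT_QUOTES, 'UTF-8');
        $linkHtml = htmlspecialchars((string) $rows['Link'], ENT_QUOTES, 'UTF-8');
        $sapXepHtml = htmlspecialchars((string) $rows['SapXep'], ENT_QUOTES, 'UTF-8');

        echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$idHtml.'" type=checkbox name=XoaDuLieu[] value="'.$idHtml.'" onclick="toggleCB(this);"></td>
<td width=22>'.$idHtml.'</td>
<td><img src="'.$logoHtml.'"   /></td>
<td><input name="" type="text" class="text" value="'.$linkHtml.'" /></a></td>
<td><input name="LuuSapXep['.$idHtml.']" type="text" class="text" value="'.$sapXepHtml.'" /></td>
<td><b>'.$TrangThai.'</b></td>
<td align=center width=22><a href="QuanLy.php?action=TaoDVLienKet&MaDVLienKet='.$idUrl.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
<td align=center width=22><a href="javascript://" onclick="Delete('.$idJs.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
    }

    echo ' </table><div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            <input value="Lưu sắp xếp" id="submit2" class="submit fl-space" type="submit" style="margin-left: 10px;"/>
							</div></form>';
}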

 

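// Action "TaiKhoanAdmin": update the user name / password of one `users` row
// and render the edit form for the row selected by ?ID=.
//
// Fixed here: the plaintext password, the posted userid and ?ID= were
// concatenated into SQL unescaped (SQL injection), and database values were
// echoed into attributes unescaped (XSS).
//
// NOTE(review) — not changed here because it needs a coordinated change with
// the login code and schema, which are outside this file:
//  - The clear-text password is stored in the `pass` column and written back
//    into the form's value attribute, so it sits in the database and in the
//    page source. Storing only a password_hash() result and never echoing a
//    password would remove both exposures.
//  - `password` holds an unsalted md5(), which does not resist offline guessing.
//  - The target row is taken from the request (POST userid / GET ID). The
//    page-level check admits permission "1" and "2", so any account that
//    passes it can read and overwrite any other account's credentials —
//    confirm this is intended.
//  - No anti-CSRF token is checked before the UPDATE.
if (isset($_GET['action']) && $_GET['action'] === 'TaiKhoanAdmin') {
    if (!empty($_POST['username']) && is_string($_POST['username'])) {
        $matKhau = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
        $username = mysql_real_escape_string($_POST["username"]);
        $password = md5($matKhau);

        if ($_POST["username"] != "" && $matKhau != "") {
            $passSql = mysql_real_escape_string($matKhau);
            $useridSql = mysql_real_escape_string((isset($_POST['userid']) && is_scalar($_POST['userid'])) ? (string) $_POST['userid'] : '');
            @mysql_query("UPDATE users SET username='$username', password='$password', pass='$passSql' WHERE userid = '$useridSql'");
            echo ''.$tag_sucsess.'Sửa thành công !'.$end_tag_sucsess.'';
        } else {
            echo ''.$tag_error.'Vui lòng nhập đầy đủ thông tin !'.$end_tag_sucsess.'';
        }
    }

    $idSql = mysql_real_escape_string((isset($_GET['ID']) && is_scalar($_GET['ID'])) ? (string) $_GET['ID'] : '');
    $sql = @mysql_query("select * from users where userid = '$idSql'");
    $rows = @mysql_fetch_array($sql);

    $useridHtml = htmlspecialchars(is_array($rows) ? (string) $rows['userid'] : '', ENT_QUOTES, 'UTF-8');
    $usernameHtml = htmlspecialchars(is_array($rows) ? (string) $rows['username'] : '', ENT_QUOTES, 'UTF-8');
    $passHtml = htmlspecialchars(is_array($rows) ? (string) $rows['pass'] : '', ENT_QUOTES, 'UTF-8');

    echo '<div class="content-box">
				<div class="box-header clear">
					<h2>Sửa tài khoản Admin:</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms">
						<form action="" method="post" class="form">
							<div class="form-field clear">
								
                                <input type="text" name="userid" style="display: none;" value="'.$useridHtml.'" />
<label for="textfield" class="form-label fl-space2"><b>Tài khoản:</b></label><input name="username" class="text" style="width: 200px;" type="text" value="'.$usernameHtml.'" /></div><!-- /.form-field -->
							<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Mật khẩu:</b></label>
							<input class="text" style="width: 200px;" type="password" name="password" value="'.$passHtml.'" />
							</div><!-- /.form-field -->
<div class="form-field clear" align="left" style="float: left;padding-left: 110px;padding-top: 10px;">
								<input class="submit fr" value="Cập nhập"  type="submit"/>
							</div><!-- /.form-field -->																								
						</form>
					</div><!-- /#forms -->
					
				</div> <!-- end of box-body -->
			</div>';
}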

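// Action "TaoMenuFooter": render the create / edit form for a footer-menu
// article (a `baiviet` row). The form posts to action=QuanLyMenuFooter.
//
// MaMenuFooter comes from the query string: it is escaped for the SELECT
// (was SQL injection) and for the hidden input (was reflected XSS).
// Stored values are HTML-escaped as well. That includes the editor content:
// text inside <textarea> must be entity-encoded, the browser decodes it again
// before the editor reads it, and unescaped content containing "</textarea>"
// would otherwise break out of the field.
if (isset($_GET['action']) && $_GET['action'] === 'TaoMenuFooter') {
    $dangSua = isset($_GET['MaMenuFooter']);
    $maMenuFooter = ($dangSua && is_scalar($_GET['MaMenuFooter'])) ? (string) $_GET['MaMenuFooter'] : '';
    $title = $dangSua ? 'Sửa Menu Footer' : 'Tạo Menu Footer mới';

    echo '<div class="content-box">
				<div class="box-header clear">
					<h2>'.$title.':</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms">
					  <form name="form1" action="QuanLy.php?action=QuanLyMenuFooter" method="post"> ';

    $sql = @mysql_query("select * from baiviet where IDBaiViet = '".mysql_real_escape_string($maMenuFooter)."'");
    $rows = @mysql_fetch_array($sql);
    $checked = (is_array($rows) && $rows['KichHoat'] == "1") ? 'checked="checked"' : '';

    $maHtml = htmlspecialchars($maMenuFooter, ENT_QUOTES, 'UTF-8');
    $tieuDeHtml = htmlspecialchars(is_array($rows) ? (string) $rows['TieuDe'] : '', ENT_QUOTES, 'UTF-8');
    $noiDungHtml = htmlspecialchars(is_array($rows) ? (string) $rows['NoiDung'] : '', ENT_QUOTES, 'UTF-8');

    echo '<input type="text" name="IDBaiViet" style="display: none;" value="'.$maHtml.'" />
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Tên Menu Footer:</b></label>
								<input class="text" style="width: 200px;" type="text" name="TenMenuFooter" value="'.$tieuDeHtml.'" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Kích Hoạt:</b></label>
								<input name="KichHoat[]" type="checkbox" '.$checked.' value="1" />
							</div><!-- /.form-field -->
 ';
    include ("includes/FormBaiViet.php");
    echo '<div class="form-field clear">
								<label for="textfield" ><b>Nội dung:</b></label>
								<textarea style="width:100%;height:400px" id="elm1" name="NoiDung">'.$noiDungHtml.'</textarea>
							</div><!-- /.form-field -->
 <div class="form-field clear">
								<input class="submit fr" value="Lưu lại" type="submit"/>
							</div><!-- /.form-field -->																								
						</form>
					</div><!-- /#forms -->
				</div> <!-- end of box-body -->
			</div>
<script>CKEDITOR.replace("elm1"); </script>';
}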
 
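// Action "QuanLyMenuFooter": save a submitted footer-menu article, apply bulk
// delete / sort-order changes, then list all `baiviet` rows of type MenuFooter.
//
// Security changes in this block:
//  - NoiDung, KichHoat and IDBaiViet went into the SQL unescaped (any
//    apostrophe in the article body altered the statement); every value is now
//    escaped with mysql_real_escape_string().
//  - Titles, ids and sort values are HTML-escaped in the listing.
// NOTE(review): NoiDung is stored as raw editor HTML. Whatever page renders it
// publicly has to decide whether that markup is trusted — not visible here.
// NOTE(review): no anti-CSRF token is checked before the INSERT/UPDATE.
if (isset($_GET['action']) && $_GET['action'] === 'QuanLyMenuFooter') {
    if (!empty($_POST['TenMenuFooter']) && is_string($_POST['TenMenuFooter'])) {
        $TenMenuFooter = mysql_real_escape_string($_POST["TenMenuFooter"]);
        $NoiDung = mysql_real_escape_string((isset($_POST["NoiDung"]) && is_string($_POST["NoiDung"])) ? $_POST["NoiDung"] : '');
        $check = isset($_POST['KichHoat']) ? $_POST['KichHoat'] : null;
        // The form's checkbox can only send "1"; anything else is stored as ''.
        $kichHoat = (isset($check[0]) && $check[0] === '1') ? '1' : '';

        if (isset($_POST['IDBaiViet']) && is_scalar($_POST['IDBaiViet']) && $_POST['IDBaiViet'] != "") {
            $idSql = mysql_real_escape_string((string) $_POST['IDBaiViet']);
            @mysql_query("UPDATE baiviet SET TieuDe='$TenMenuFooter', NoiDung='$NoiDung', KichHoat='$kichHoat' WHERE IDBaiViet = '$idSql'");
            echo ''.$tag_sucsess.'Sửa Menu Footer thành công !'.$end_tag_sucsess.'';
        } else {
            @mysql_query("INSERT INTO baiviet(TieuDe, NoiDung, KichHoat, Loai) VALUES('$TenMenuFooter', '$NoiDung', '$kichHoat', 'MenuFooter')");
            echo ''.$tag_sucsess.'Tạo Menu Footer thành công !'.$end_tag_sucsess.'';
        }
    }

    if (isset($_POST['XoaDuLieu'])) {
        XoaDuLieu("baiviet","IDBaiViet");
    }
    // Sort order is only saved when no row was ticked for deletion.
    if (isset($_POST['LuuSapXep']) && (!isset($_POST['XoaDuLieu']) || $_POST['XoaDuLieu'] == "")) {
        LuuSapXep("baiviet","IDBaiViet");
    }

    $sql = @mysql_query("select * from baiviet where Loai = 'MenuFooter' order by SapXep asc, IDBaiViet asc");
    echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ MENU FOOTER</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID">
                    <table>
							<thead>
								<tr>
<th class=rowhdr1 width=22> <input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
 
<th>Tên Menu Footer</th>
<th>Trạng thái</th>
<th style="width:30px" class=rowhdr1 vAlign=top title="">Sắp xếp</th>
<th>Sửa</th>
 <th>Xóa</th>
</tr>';

    // Defined before the loop so the button below still gets its handler when
    // the table is empty.
    $confirm = "return confirm('Bạn chắc chắn muốn xóa Dự Án này?')";

    while ($rows = @mysql_fetch_array($sql)) {
        if ($rows['KichHoat'] == "1") {
            $KichHoat = '<b style="color:blue">Đã Kích Hoạt</b>';
        } else {
            $KichHoat = '<b style="color:red">Chưa Kích Hoạt</b>';
        }

        // Slug for the public link; preg_replace() replaces the deprecated
        // ereg_replace() with the same POSIX character class.
        $url = stripUnicode($rows['TieuDe']);
        $url = preg_replace('/[[:space:]]+/', '-', trim($url));

        $idHtml = htmlspecialchars((string) $rows['IDBaiViet'], ENT_QUOTES, 'UTF-8');
        $idUrl = rawurlencode((string) $rows['IDBaiViet']);
        // JSON-encode for the JavaScript context, then escape for the attribute.
        $idJs = htmlspecialchars(json_encode((string) $rows['IDBaiViet']), ENT_QUOTES, 'UTF-8');
        $hrefHtml = htmlspecialchars($link.'Kenh-'.$rows['IDBaiViet'].'-'.$url.'.html', ENT_QUOTES, 'UTF-8');
        $tieuDeHtml = htmlspecialchars((string) $rows['TieuDe'], ENT_QUOTES, 'UTF-8');
        $sapXepHtml = htmlspecialchars((string) $rows['SapXep'], ENT_QUOTES, 'UTF-8');

        echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$idHtml.'" type=checkbox name=XoaDuLieu[] value="'.$idHtml.'" onclick="toggleCB(this);"></td>
<td >'.$idHtml.'</td>
<td><a href="'.$hrefHtml.'" target="_blank">'.$tieuDeHtml.'</a></td> 
<td><b>'.$KichHoat.'</b></td>
<td width=20><input style="width:30px" name="LuuSapXep['.$idHtml.']" type="text" value="'.$sapXepHtml.'" /></td>
 <td align=center width=22><a href="QuanLy.php?action=TaoMenuFooter&MaMenuFooter='.$idUrl.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$idJs.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
 
</tr>';
    }

    echo ' </table><div class="tab-footer clear">
							<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            <input value="Lưu sắp xếp" id="submit2" class="submit fl-space" type="submit" style="margin-left: 10px;"/>
							</div> </form>';
}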


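// Action "TaoMod": render the create / edit form for a moderator account
// (a `users` row). The form posts to action=QuanLyMod.
//
// MaMod comes from the query string: it is escaped for the SELECT (was SQL
// injection) and for the hidden input (was reflected XSS). Stored values are
// HTML-escaped before being written into attributes.
//
// NOTE(review): the form pre-fills the account's clear-text password from the
// `pass` column into a visible type="text" field. Anyone who can open this
// page for a given MaMod can read that password. Removing this needs the
// storage change described for the save handler (hash only, never echo).
if (isset($_GET['action']) && $_GET['action'] === 'TaoMod') {
    $dangSua = isset($_GET['MaMod']);
    $maMod = ($dangSua && is_scalar($_GET['MaMod'])) ? (string) $_GET['MaMod'] : '';
    $title = $dangSua ? 'Sửa tài khoản MOD' : 'Tạo tài khoản MOD mới';

    echo '<div class="content-box">
				<div class="box-header clear">
					<h2>'.$title.':</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms"><form name="form1" action="QuanLy.php?action=QuanLyMod" method="post"><table>';

    $sql = @mysql_query("select * from users where userid = '".mysql_real_escape_string($maMod)."'");
    $rows = @mysql_fetch_array($sql);

    // A new account defaults to "active"; an existing one shows its stored state.
    if (!$dangSua || (is_array($rows) && $rows['KhoaNick'] == "1")) {
        $checked = 'checked="checked"';
    } else {
        $checked = '';
    }

    $maHtml = htmlspecialchars($maMod, ENT_QUOTES, 'UTF-8');
    $usernameHtml = htmlspecialchars(is_array($rows) ? (string) $rows['username'] : '', ENT_QUOTES, 'UTF-8');
    $passHtml = htmlspecialchars(is_array($rows) ? (string) $rows['pass'] : '', ENT_QUOTES, 'UTF-8');

    echo '<input type="text" name="userid" style="display: none;" value="'.$maHtml.'" />
<tr><td style="width: 40%;text-align:right;font-weight:bold">Tài khoản:</td><td style="width: 60%;"><input name="TenMod" type="text" style="width: 250px;" value="'.$usernameHtml.'" class="text" /></td></tr>
<tr><td style="width: 40%;text-align:right;font-weight:bold">Mật khẩu:</td><td style="width: 60%;"><input name="password" type="text" style="width: 250px;" value="'.$passHtml.'" class="text" /></td></tr>
 <tr><td style="text-align:right;font-weight:bold">Kích Hoạt:</td><td style=""><input name="KhoaNick[]" type="checkbox" '.$checked.' value="1" /></td></tr>
 <tr><td></td><td><input class="submit fl-space" type="submit" value="Cập nhập" /></td></tr>
';
    echo '</table></form>';
}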
 
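// Action "QuanLyMod": create or update a moderator account, apply bulk
// deletes, then list every `users` row with permission = '2'.
//
// Fixed here:
//  - The "all fields required" test used ||, and the outer check already
//    guarantees a non-empty TenMod, so an empty password was always accepted
//    and md5('') was stored. It now requires both values (&&), matching the
//    TaiKhoanAdmin handler.
//  - The plaintext password, KhoaNick and userid went into SQL unescaped
//    (SQL injection); all values are now escaped.
//  - User names and ids are HTML-escaped in the listing.
//
// NOTE(review) — needs a coordinated change outside this file:
//  - The clear-text password is stored in `pass` next to an unsalted md5().
//    Storing only a password_hash() result would remove both weaknesses.
//  - The UPDATE and the bulk delete address rows by a userid taken from the
//    request and are not limited to permission = '2', so this handler can
//    modify or delete any account, including higher-privileged ones —
//    confirm this is intended.
//  - No anti-CSRF token is checked before the INSERT/UPDATE.
if (isset($_GET['action']) && $_GET['action'] === 'QuanLyMod') {
    if (!empty($_POST['TenMod']) && is_string($_POST['TenMod'])) {
        $matKhau = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
        $TenMod = mysql_real_escape_string($_POST["TenMod"]);
        $password = md5($matKhau);
        $passSql = mysql_real_escape_string($matKhau);
        $check = isset($_POST['KhoaNick']) ? $_POST['KhoaNick'] : null;
        // The form's checkbox can only send "1"; anything else is stored as ''.
        $khoaNick = (isset($check[0]) && $check[0] === '1') ? '1' : '';

        if ($_POST["TenMod"] !== "" && $matKhau !== "") {
            if (isset($_POST['userid']) && is_scalar($_POST['userid']) && $_POST['userid'] != "") {
                $useridSql = mysql_real_escape_string((string) $_POST['userid']);
                @mysql_query("UPDATE users SET username='$TenMod', KhoaNick='$khoaNick', password='$password', pass='$passSql' WHERE userid = '$useridSql'");
                echo ''.$tag_sucsess.'Sửa Mod thành công !'.$end_tag_sucsess.'';
            } else {
                // Refuse to create a second account with the same user name.
                $trung = @mysql_query("select * from users where username = '$TenMod'");
                if ($trung && mysql_num_rows($trung) > 0) {
                    echo ''.$tag_error.'Chú ý: Tên tài khoản này đã được tạo !'.$end_tag_sucsess.'';
                } else {
                    @mysql_query("INSERT INTO users(username, KhoaNick, password, permission, pass) VALUES('$TenMod', '$khoaNick', '$password', '2', '$passSql')");
                    echo ''.$tag_sucsess.'Tạo Mod thành công !'.$end_tag_sucsess.'';
                }
            }
        } else {
            echo ''.$tag_error.'Vui lòng nhập đầy đủ thông tin !'.$end_tag_sucsess.'';
        }
    }

    if (isset($_POST['XoaDuLieu'])) {
        XoaDuLieu("users","userid");
    }
    if (isset($_POST['LuuSapXep'])) {
        LuuSapXep("users","userid");
    }

    $sql = @mysql_query("select * from users where permission = '2' order by userid asc");
    echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ MOD</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID"><table>
							<thead>
								<tr>
<th class=rowhdr1 width=22> <input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>Tài khoản</th>
<th>Trạng thái</th>
<th>Sửa</th>
 <th>Xóa</th>
</tr></thead>
							
							<tbody>';

    // Defined before the loop so the button below still gets its handler when
    // the table is empty.
    $confirm = "return confirm('Bạn chắc chắn muốn xóa Mod này?')";

    while ($rows = @mysql_fetch_array($sql)) {
        if ($rows['KhoaNick'] == "1") {
            $KhoaNick = '<b style="color:blue">Đã Kích Hoạt</b>';
        } else {
            $KhoaNick = '<b style="color:red">Chưa Kích Hoạt</b>';
        }

        $idHtml = htmlspecialchars((string) $rows['userid'], ENT_QUOTES, 'UTF-8');
        $idUrl = rawurlencode((string) $rows['userid']);
        // JSON-encode for the JavaScript context, then escape for the attribute.
        $idJs = htmlspecialchars(json_encode((string) $rows['userid']), ENT_QUOTES, 'UTF-8');
        $usernameHtml = htmlspecialchars((string) $rows['username'], ENT_QUOTES, 'UTF-8');

        echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$idHtml.'" type=checkbox name=XoaDuLieu[] value="'.$idHtml.'" onclick="toggleCB(this);"></td>
<td >'.$idHtml.'</td>
<td><b style="color:blue">'.$usernameHtml.'</b></td>
<td><b>'.$KhoaNick.'</b></td>
<td align=center width=22><a href="QuanLy.php?action=TaoMod&MaMod='.$idUrl.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$idJs.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
 
</tr>';
    }

    echo ' </table><div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                           	</div></form>';
}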


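// Action "DangOnline": list the `online` rows seen in the last 800 seconds,
// 50 per page, with bulk delete.
//
// Fixed here:
//  - Every column was echoed into the admin page unescaped. Referrer,
//    TrinhDuyet (browser), HeDieuHanh (OS), URL and IP presumably originate
//    from visitors' requests (the code filling `online` is not in this file),
//    which would let any visitor plant markup that runs in an administrator's
//    session. All values are now HTML-escaped.
//  - The "Đã Xem" link text printed $URL, a variable this file never assigns,
//    so the cell was always empty; it now shows the row's URL.
//  - $page / $page1 are cast to int before entering the LIMIT clause; they are
//    set by includes/PhanTrang.php, whose handling of ?page= is not visible.
// NOTE(review): $linkss embeds the raw QUERY_STRING and is handed to
// phantrang(); check that helper escapes it before writing it into links.
// NOTE(review): round() drops a last partial page of fewer than 25 rows;
// ceil() may be what is intended — depends on how phantrang() counts pages.
if (isset($_GET['action']) && $_GET['action'] === 'DangOnline') {
    if (isset($_POST['XoaDuLieu'])) {
        XoaDuLieu("online","IDOnline");
    }

    $timecheck = time() - 800;
    $sqll = @mysql_query("select * from online where Times >= $timecheck order by Times desc");
    $sotin = 50;
    $totalpage = round((@mysql_num_rows($sqll)/$sotin),0);
    $linkss = "QuanLy.php?".$_SERVER["QUERY_STRING"]."&page=%s";
    include("includes/PhanTrang.php");
    $PhanTrang = phantrang(isset($_GET['page']) ? $_GET['page'] : null, $totalpage, $linkss, $show);
    $sql = @mysql_query("select * from online where Times >= $timecheck order by Times desc limit ".(int) $page.", ".(int) $page1);

    echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>KHÁCH ĐANG ONLINE</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table"> <meta http-equiv="refresh" content="30" ><form action="" method="post" id="formID"><table>
							<thead>
								<tr>
<th class=rowhdr1 width=22><input type=checkbox name=toggleAll onclick="toggleCBs(this);"></th>
<th>ID </th>
<th>Lượt Truy Cập</th>
<th>Địa Chỉ IP</th>
<th>Đã Xem</th>
<th>Referrer</th>
<th>Trình Duyệt</th>
<th>Hệ Điều Hành</th>
<th>Xem Lúc</th>
<th>Xóa</th>
</tr></thead>
 	<tbody>';

    // Defined before the loop so the button below still gets its handler when
    // the table is empty.
    $confirm = "return confirm('Bạn chắc chắn muốn sẽ xóa bản ghi này?')";

    while ($rows = @mysql_fetch_array($sql)) {
        $idHtml = htmlspecialchars((string) $rows['IDOnline'], ENT_QUOTES, 'UTF-8');
        // JSON-encode for the JavaScript context, then escape for the attribute.
        $idJs = htmlspecialchars(json_encode((string) $rows['IDOnline']), ENT_QUOTES, 'UTF-8');
        $hitsHtml = htmlspecialchars((string) $rows['Hits'], ENT_QUOTES, 'UTF-8');
        $ipHtml = htmlspecialchars((string) $rows['IP'], ENT_QUOTES, 'UTF-8');
        $ipUrl = rawurlencode((string) $rows['IP']);
        $urlHtml = htmlspecialchars((string) $rows['URL'], ENT_QUOTES, 'UTF-8');
        $referrerHtml = htmlspecialchars((string) $rows['Referrer'], ENT_QUOTES, 'UTF-8');
        $trinhDuyetHtml = htmlspecialchars((string) $rows['TrinhDuyet'], ENT_QUOTES, 'UTF-8');
        $heDieuHanhHtml = htmlspecialchars((string) $rows['HeDieuHanh'], ENT_QUOTES, 'UTF-8');

        echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$idHtml.'" type=checkbox name=XoaDuLieu[] value="'.$idHtml.'" onclick="toggleCB(this);"></td>
<td >'.$idHtml.'</td>
<td>'.$hitsHtml.'</td>
<td><a href="http://www.whois.sc/'.$ipUrl.'" title="Lookup this IP address in the WhoIs service" target="_blank">'.$ipHtml.'</a></td>
<td><a href="http://itv14.net'.$urlHtml.'" target=_blank>'.$urlHtml.'</a></td>
<td>'.$referrerHtml.'</td>
<td>'.$trinhDuyetHtml.'</td>
<td>'.$heDieuHanhHtml.'</td>
<td>'.date("H:i d/m/Y", (int) $rows['Times']).'</td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$idJs.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
    }

    echo ' </table><div class="tab-footer clear">
							<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                             	</div>'.$PhanTrang.'</div>';
}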
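// Action "ThongKeTruyCap": list every `online` row, newest first, 50 per
// page, with bulk delete.
//
// Fixed here:
//  - Every column was echoed into the admin page unescaped. Referrer,
//    TrinhDuyet (browser), HeDieuHanh (OS), URL and IP presumably originate
//    from visitors' requests (the code filling `online` is not in this file),
//    which would let any visitor plant markup that runs in an administrator's
//    session. All values are now HTML-escaped.
//  - The "Đã Xem" link text printed $URL, a variable this file never assigns,
//    so the cell was always empty; it now shows the row's URL.
//  - $page / $page1 are cast to int before entering the LIMIT clause; they are
//    set by includes/PhanTrang.php, whose handling of ?page= is not visible.
// NOTE(review): $linkss embeds the raw QUERY_STRING and is handed to
// phantrang(); check that helper escapes it before writing it into links.
if (isset($_GET['action']) && $_GET['action'] === 'ThongKeTruyCap') {
    if (isset($_POST['XoaDuLieu'])) {
        XoaDuLieu("online","IDOnline");
    }

    $sqll = @mysql_query("select * from online order by IDOnline desc");
    $sotin = 50;
    $totalpage = round((@mysql_num_rows($sqll)/$sotin),0);
    $linkss = "QuanLy.php?".$_SERVER["QUERY_STRING"]."&page=%s";
    include("includes/PhanTrang.php");
    $PhanTrang = phantrang(isset($_GET['page']) ? $_GET['page'] : null, $totalpage, $linkss, $show);
    $sql = @mysql_query("select * from online order by IDOnline desc limit ".(int) $page.", ".(int) $page1);

    echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>THỐNG KÊ TRUY CẬP</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table"> <meta http-equiv="refresh" content="30" ><form action="" method="post" id="formID"><table>
							<thead>
								<tr>
<th class=rowhdr1 width=22><input type=checkbox name=toggleAll onclick="toggleCBs(this);"></th>
<th>ID </th>
<th>Lượt Truy Cập</th>
<th>Địa Chỉ IP</th>
<th>Đã Xem</th>
<th>Referrer</th>
<th>Trình Duyệt</th>
<th>Hệ Điều Hành</th>
<th>Xem Lúc</th>
<th>Xóa</th>
</tr></thead>
 	<tbody>';

    // Defined before the loop so the button below still gets its handler when
    // the table is empty.
    $confirm = "return confirm('Bạn chắc chắn muốn sẽ xóa bản ghi này?')";

    while ($rows = @mysql_fetch_array($sql)) {
        $idHtml = htmlspecialchars((string) $rows['IDOnline'], ENT_QUOTES, 'UTF-8');
        // JSON-encode for the JavaScript context, then escape for the attribute.
        $idJs = htmlspecialchars(json_encode((string) $rows['IDOnline']), ENT_QUOTES, 'UTF-8');
        $hitsHtml = htmlspecialchars((string) $rows['Hits'], ENT_QUOTES, 'UTF-8');
        $ipHtml = htmlspecialchars((string) $rows['IP'], ENT_QUOTES, 'UTF-8');
        $ipUrl = rawurlencode((string) $rows['IP']);
        $urlHtml = htmlspecialchars((string) $rows['URL'], ENT_QUOTES, 'UTF-8');
        $referrerHtml = htmlspecialchars((string) $rows['Referrer'], ENT_QUOTES, 'UTF-8');
        $trinhDuyetHtml = htmlspecialchars((string) $rows['TrinhDuyet'], ENT_QUOTES, 'UTF-8');
        $heDieuHanhHtml = htmlspecialchars((string) $rows['HeDieuHanh'], ENT_QUOTES, 'UTF-8');

        echo '<tr class=rowtwo>
<td   width=22><input id="Xoa'.$idHtml.'" type=checkbox name=XoaDuLieu[] value="'.$idHtml.'" onclick="toggleCB(this);"></td>
<td >'.$idHtml.'</td>
<td>'.$hitsHtml.'</td>
<td><a href="http://www.whois.sc/'.$ipUrl.'" title="Lookup this IP address in the WhoIs service" target="_blank">'.$ipHtml.'</a></td>
<td><a href="http://itv14.net'.$urlHtml.'" target=_blank>'.$urlHtml.'</a></td>
<td>'.$referrerHtml.'</td>
<td>'.$trinhDuyetHtml.'</td>
<td>'.$heDieuHanhHtml.'</td>
<td>'.date("H:i d/m/Y", (int) $rows['Times']).'</td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$idJs.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
    }

    echo ' </table><div class="tab-footer clear">
							<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                             	</div>'.$PhanTrang.'</div>';

    // NOTE(review): $sql is the paginated query (LIMIT above), so its row count
    // stays at one page and this pruning presumably never runs; $sqll holds
    // the full count. Left unchanged because switching it would start deleting
    // the 5000 oldest rows on page view — confirm the intent first.
    if (@mysql_num_rows($sql) > 6000) {
        @mysql_query("DELETE FROM online order by IDOnline asc limit 5000");
    }
}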

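// Action "TaoMenu": render the create / edit form for a header-menu entry
// (a `baiviet` row whose NoiDung column holds the link target). The form
// posts to action=QuanLyMenu.
//
// MaMenu comes from the query string: it is escaped for the SELECT (was SQL
// injection) and for the hidden input (was reflected XSS). Stored values are
// HTML-escaped before being written into attributes.
if (isset($_GET['action']) && $_GET['action'] === 'TaoMenu') {
    $dangSua = isset($_GET['MaMenu']);
    $maMenu = ($dangSua && is_scalar($_GET['MaMenu'])) ? (string) $_GET['MaMenu'] : '';
    $title = $dangSua ? 'Sửa Menu' : 'Tạo Menu mới';

    echo '<div class="content-box">
				<div class="box-header clear">
					<h2>'.$title.':</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms">
				     <form name="form1" action="QuanLy.php?action=QuanLyMenu" method="post"><table>';

    $sql = @mysql_query("select * from baiviet where IDBaiViet = '".mysql_real_escape_string($maMenu)."'");
    $rows = @mysql_fetch_array($sql);

    // A new entry defaults to "active"; an existing one shows its stored state.
    if (!$dangSua || (is_array($rows) && $rows['KichHoat'] == "1")) {
        $checked = 'checked="checked"';
    } else {
        $checked = '';
    }

    $maHtml = htmlspecialchars($maMenu, ENT_QUOTES, 'UTF-8');
    $tieuDeHtml = htmlspecialchars(is_array($rows) ? (string) $rows['TieuDe'] : '', ENT_QUOTES, 'UTF-8');
    $duongLinkHtml = htmlspecialchars(is_array($rows) ? (string) $rows['NoiDung'] : '', ENT_QUOTES, 'UTF-8');

    echo '<input type="text" name="IDBaiViet" style="display: none;" value="'.$maHtml.'" />
<tr><td style="width: 40%;text-align:right;font-weight:bold">Tên Menu:</td><td style="width: 60%;"><input name="TenMenu" class="text" type="text" style="width: 250px;" value="'.$tieuDeHtml.'" /></td></tr>
<tr><td style="width: 40%;text-align:right;font-weight:bold">Đường link:</td><td style="width: 60%;"><input name="DuongLink" type="text" style="width: 250px;" value="'.$duongLinkHtml.'" class="text"/></td></tr>
 <tr><td style="text-align:right;font-weight:bold">Kích Hoạt:</td><td style=""><input name="KichHoat[]" type="checkbox" '.$checked.' value="1" /></td></tr>
 <tr><td></td><td><input class="submit fl-space" type="submit" value="Cập nhập" /></td></tr>
';
    echo '</table></form>';
}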
 
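// "QuanLyMenu": saves a posted menu row (insert or update), applies bulk
// delete / re-ordering through XoaDuLieu() and LuuSapXep(), then lists every
// `baiviet` row whose Loai is 'Menu'.
// NOTE(review): the POST handlers here change data and no anti-CSRF token is
// checked in this block; confirm whether that is enforced elsewhere.
// NOTE(review): XoaDuLieu()/LuuSapXep() are defined outside this view and
// presumably read $_POST themselves - verify that they escape the posted ids.
if(isset($_GET['action'])&&$_GET['action']=='QuanLyMenu'){
if(!empty($_POST['TenMenu'])){
// Every posted value is escaped for its quoted SQL literal. The original
// escaped only two of the four values that reach the statements below.
// Assumes the mysql_* link opened elsewhere is the current connection.
$TenMenu=mysql_real_escape_string($_POST["TenMenu"]);
$DuongLink=mysql_real_escape_string(isset($_POST["DuongLink"])?$_POST["DuongLink"]:'');
$check=isset($_POST['KichHoat'])?$_POST['KichHoat']:null;
// Unchecked box: nothing is posted and an empty string is stored, as before.
$KichHoatSql=(is_array($check)&&isset($check[0]))?mysql_real_escape_string($check[0]):'';
$IDBaiViet=(isset($_POST['IDBaiViet'])&&is_string($_POST['IDBaiViet']))?$_POST['IDBaiViet']:'';

    if($IDBaiViet!=""){
    @mysql_query("UPDATE baiviet SET TieuDe='$TenMenu', KichHoat='$KichHoatSql', NoiDung='$DuongLink' WHERE IDBaiViet = '".mysql_real_escape_string($IDBaiViet)."'");
echo ''.$tag_sucsess.'Sửa Menu thành công !'.$end_tag_sucsess.'';
}else{
@mysql_query("INSERT INTO baiviet(TieuDe, KichHoat, NoiDung, Loai) VALUES('$TenMenu', '$KichHoatSql', '$DuongLink', 'Menu')");
echo ''.$tag_sucsess.'Tạo Menu thành công !'.$end_tag_sucsess.'';
}

}
if(isset($_POST['XoaDuLieu'])){
    XoaDuLieu("baiviet","IDBaiViet");
}
// Re-ordering is applied only when the same POST carries no delete selection.
if(isset($_POST['LuuSapXep'])&&(!isset($_POST['XoaDuLieu'])||$_POST['XoaDuLieu']=="")){
    LuuSapXep("baiviet","IDBaiViet");
}
$sql = @mysql_query("select * from baiviet where Loai = 'Menu' order by SapXep asc, IDBaiViet asc");
// Set before the loop so the delete button keeps its confirmation prompt even
// when the table is empty (it used to be assigned per row).
$confirm="return confirm('Bạn chắc chắn muốn xóa Menu này?')";
echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ MENU HEADER</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID"><table>
							<thead>
								<tr>
<th class=rowhdr1 width=22> <input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>Tên Menu</th>
<th>Đường link</th>
<th>Sắp xếp</th>
<th>Trạng thái</th>
<th>Sửa</th>
<th>Xóa</th>
</tr>
</thead>
 	<tbody>';
while ($rows = @mysql_fetch_array($sql))
{
    if($rows['KichHoat']=="1"){
        $KichHoat='<b style="color:blue">Đã Kích Hoạt</b>';
    }else{
        $KichHoat='<b style="color:red">Chưa Kích Hoạt</b>';
    }
    // Stored values are rendered as plain text: HTML-escape them once per row
    // so markup saved in a title or link cannot run in the admin's browser.
    // Escaping does not validate the URL scheme of the stored link.
    $eID=htmlspecialchars($rows['IDBaiViet'], ENT_QUOTES, 'UTF-8');
    $eTieuDe=htmlspecialchars($rows['TieuDe'], ENT_QUOTES, 'UTF-8');
    $eLink=htmlspecialchars($rows['NoiDung'], ENT_QUOTES, 'UTF-8');
    $eSapXep=htmlspecialchars($rows['SapXep'], ENT_QUOTES, 'UTF-8');
echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$eID.'" type=checkbox name=XoaDuLieu[] value="'.$eID.'" onclick="toggleCB(this);"></td>
<td >'.$eID.'</td>
<td><a href="'.$eLink.'" target="_blank"><b style="color:blue">'.$eTieuDe.'</b></a></td>
<td><a href="'.$eLink.'" target="_blank">'.$eLink.'</a></td>
<td><input name="LuuSapXep['.$eID.']" type="text" value="'.$eSapXep.'" class="text" /></a></td><td><b>'.$KichHoat.'</b></td>
 <td align=center width=22><a href="QuanLy.php?action=TaoMenu&MaMenu='.$eID.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$eID.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
 
</tr>';
}
echo ' </table><div class="tab-footer clear">
							<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            <input value="Lưu sắp xếp" id="submit2" class="submit fl-space" type="submit" style="margin-left: 10px;"/>
							</div></form>';
}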



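// "DanhSachLienHe": lists the rows of `lienhe` (contact messages), newest
// first, and flips TrangThai from 0 to 1 for each row as it is displayed.
// A posted XoaDuLieu selection is handed to XoaDuLieu() first.
// NOTE(review): XoaDuLieu() is defined outside this view; verify that it
// escapes the posted ids and that the POST is protected against CSRF.
if(isset($_GET['action'])&&$_GET['action']=='DanhSachLienHe'){
if(isset($_POST['XoaDuLieu'])){
    XoaDuLieu("lienhe","IDContact");
}

$sql = @mysql_query("select * from lienhe order by IDContact desc");
// Set before the loop so the delete button keeps its confirmation prompt even
// when there are no messages.
$confirm="return confirm('Bạn chắc chắn muốn xóa dữ liệu này?')";
echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>DANH SÁCH KHÁCH HÀNG LIÊN HỆ</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID">
                    <table>
							<thead>
								<tr>
<th class=rowhdr1 width=22> <input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>Họ và tên</th>
<th>Email</th>
<th>Nội dung</th>
<th>Ngày gửi</th>
<th>Xóa</th>
</tr>
</thead>
 	<tbody>';
while ($rows = @mysql_fetch_array($sql))
{
    if($rows['TrangThai']==0){
        // The id comes from the database, but it is still escaped before it is
        // put back into a statement.
        @mysql_query("UPDATE lienhe SET TrangThai=1 WHERE IDContact = '".mysql_real_escape_string($rows['IDContact'])."'");
    }
    // Name, e-mail and message are presumably submitted by site visitors
    // (confirm against the contact form). They are rendered as plain text:
    // unescaped, markup in a message would execute in the administrator's
    // session when this list is opened.
    $eID=htmlspecialchars($rows['IDContact'], ENT_QUOTES, 'UTF-8');
    $eHoVaTen=htmlspecialchars($rows['HoVaTen'], ENT_QUOTES, 'UTF-8');
    $eEmail=htmlspecialchars($rows['Email'], ENT_QUOTES, 'UTF-8');
    $eNoiDung=htmlspecialchars($rows['NoiDung'], ENT_QUOTES, 'UTF-8');
echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$eID.'" type=checkbox name=XoaDuLieu[] value="'.$eID.'" onclick="toggleCB(this);"></td>
<td >'.$eID.'</td>
<td><b style="color:blue">'.$eHoVaTen.'</b></td>
<td>'.$eEmail.'</td>
<td>'.$eNoiDung.'</td>
<td><b style="color:red">'.date("H:i d/m/Y",strtotime($rows['NgayGui'])).'</b></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$eID.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
}
echo ' </table><div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            	</div></form>';
}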

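// "DanhSachThamQuan": lists show-flat visit registrations (`thamquan`) joined
// with the project (`duan`) each one refers to, newest first, and marks each
// displayed registration as seen (TrangThai = 1).
// NOTE(review): XoaDuLieu() is defined outside this view; verify that it
// escapes the posted ids and that the POST is protected against CSRF.
if(isset($_GET['action'])&&$_GET['action']=='DanhSachThamQuan'){
if(isset($_POST['XoaDuLieu'])){
    XoaDuLieu("thamquan","IDThamQuan");
}

// mysql_fetch_array() keys are bare column names, so the original test on
// $rows['thamquan.TrangThai'] never found a value and the UPDATE ran for every
// row on every page view. The registration's own flag is selected under an
// explicit alias instead.
// NOTE(review): any other column name shared by both tables (DiaChi exists on
// `duan`; whether `thamquan` has it too is not visible here) resolves to the
// `duan` value in $rows - confirm which address this list should show.
$sql = @mysql_query("select thamquan.*, duan.*, thamquan.TrangThai as TrangThaiThamQuan from thamquan, duan where thamquan.DAThamQuan = duan.IDDuAn order by IDThamQuan desc");
// Set before the loop so the delete button keeps its confirmation prompt even
// when there are no registrations.
$confirm="return confirm('Bạn chắc chắn muốn xóa dữ liệu này?')";
echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>DANH SÁCH KHÁCH HÀNG ĐĂNG KÝ THAM QUAN CĂN HỘ MẪU</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    
                    <form name="form1" action=" " method="post" id="formID">
<table>
							<thead>
								<tr>
<th> <input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>Họ và tên</th>
<th>Email</th>
<th>Địa chỉ</th>
<th>SĐT</th>
<th></th>
<th>Dự án đăng ký tham quan</th>
<th>Ngày tham quan</th>
<th>Xóa</th>
</tr>
</thead>
 <tbody>';
while ($rows = @mysql_fetch_array($sql))
{
    if($rows['TrangThaiThamQuan']==0){
        @mysql_query("UPDATE thamquan SET TrangThai=1 WHERE IDThamQuan = '".mysql_real_escape_string($rows['IDThamQuan'])."'");
    }
    // URL slug for the public project page: accents stripped by stripUnicode()
    // (defined elsewhere), whitespace runs collapsed to '-'. preg_replace with
    // the same POSIX class replaces the deprecated ereg_replace.
    $url=stripUnicode($rows['TenDuAn']);
    $url=preg_replace('/[[:space:]]+/', '-', trim($url));
    // Registration fields are presumably visitor-supplied (confirm against the
    // public form); all stored values are rendered as plain text so markup in
    // them cannot run in the administrator's session.
    $eID=htmlspecialchars($rows['IDThamQuan'], ENT_QUOTES, 'UTF-8');
    $eHoVaTen=htmlspecialchars($rows['HoVaTen'], ENT_QUOTES, 'UTF-8');
    $eEmail=htmlspecialchars($rows['Email'], ENT_QUOTES, 'UTF-8');
    $eDiaChi=htmlspecialchars($rows['DiaChi'], ENT_QUOTES, 'UTF-8');
    $eSDT=htmlspecialchars($rows['SDT'], ENT_QUOTES, 'UTF-8');
    $eIDDuAn=htmlspecialchars($rows['IDDuAn'], ENT_QUOTES, 'UTF-8');
    $eUrl=htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $eLoGo=htmlspecialchars($rows['LoGo'], ENT_QUOTES, 'UTF-8');
    $eTenDuAn=htmlspecialchars($rows['TenDuAn'], ENT_QUOTES, 'UTF-8');
    $eNgay=htmlspecialchars($rows['NgayThamQuan'], ENT_QUOTES, 'UTF-8');
echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$eID.'" type=checkbox name=XoaDuLieu[] value="'.$eID.'"></td>
<td >'.$eID.'</td>
<td><b style="color:blue">'.$eHoVaTen.'</b></td>
<td>'.$eEmail.'</td>
<td><i>'.$eDiaChi.'</i></td>
<td>'.$eSDT.'</td>
<td><a href="'.$link.'Du-An-'.$eIDDuAn.'-'.$eUrl.'.html" target="_blank"><img src="'.$link.$eLoGo.'" style="width: 50px;height: 50px;" /></a></td>
<td><a href="'.$link.'Du-An-'.$eIDDuAn.'-'.$eUrl.'.html" target="_blank"><b style="color:blue">'.$eTenDuAn.'</b></a></td>
<td><b style="color:red">'.$eNgay.'</b></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$eID.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
}
echo '</table>
<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                           
							</div></form>';
}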


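// "TaoDanhMuc": renders the create/edit form for one `danhmuc` (category) row.
// With ?MaDanhMuc=<id> the row is loaded and the form is pre-filled; the form
// posts to QuanLy.php?action=QuanLyDanhMuc.
// NOTE(review): no anti-CSRF token is emitted with this form; confirm whether
// init.php provides one, because the target action writes to the database.
if(isset($_GET['action'])&&$_GET['action']=='TaoDanhMuc'){
    // MaDanhMuc arrives in the URL and is untrusted: read it once and escape
    // it separately for the SQL and the HTML context below.
    $MaDanhMuc=(isset($_GET['MaDanhMuc'])&&is_string($_GET['MaDanhMuc']))?$_GET['MaDanhMuc']:'';
    if(isset($_GET['MaDanhMuc'])){
        $title='Sửa danh mục';
    }else{
        $title='Tạo danh mục mới';
    }
echo '<div class="content-box">
				<div class="box-header clear">
					<h2>'.$title.':</h2>
				</div>
				<div class="box-body clear">
				<!-- Custom Forms -->
					<div id="forms">
						 <form name="form1" action="QuanLy.php?action=QuanLyDanhMuc" method="post"><table>';
// Escaped for the quoted SQL literal; assumes the mysql_* link opened elsewhere
// is the current connection - TODO confirm. Parameterized queries via
// mysqli/PDO are the durable fix once the connection code is migrated.
$sql = @mysql_query("select * from danhmuc where IDDanhMuc = '".mysql_real_escape_string($MaDanhMuc)."'");
$rows = @mysql_fetch_array($sql);
// A new category defaults to "active"; an existing one mirrors TrangThai.
if(!isset($_GET['MaDanhMuc'])||$rows['TrangThai']=="1"){
    $checked='checked="checked"';
}else{
    $checked='';
}
// HTML-escaped so a quote in the URL parameter or in the stored name cannot
// close the value="..." attribute.
$eMaDanhMuc=htmlspecialchars($MaDanhMuc, ENT_QUOTES, 'UTF-8');
$eTenDanhMuc=htmlspecialchars($rows['TenDanhMuc'], ENT_QUOTES, 'UTF-8');
echo '<input type="text" name="IDDanhMuc" style="display: none;" value="'.$eMaDanhMuc.'" />
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Tên Danh Mục:</b></label>
								<input class="text" style="width: 200px;" type="text" name="TenDanhMuc" value="'.$eTenDanhMuc.'" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Kích Hoạt:</b></label>
								<input name="KichHoat[]" type="checkbox" '.$checked.' value="1" />
							</div><!-- /.form-field -->
<div class="form-field clear" align="left" style="float: left;padding-left: 110px;padding-top: 10px;">
								<input class="submit fr" value="Lưu lại"  type="submit"/>
							</div><!-- /.form-field -->																								
						</form>
					</div><!-- /#forms -->
					
				</div> <!-- end of box-body -->
			</div>';
}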
 
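// "QuanLyDanhMuc": saves a posted category (insert or update), applies bulk
// delete / re-ordering through XoaDuLieu() and LuuSapXep(), then lists every
// `danhmuc` row.
// NOTE(review): the POST handlers here change data and no anti-CSRF token is
// checked in this block; confirm whether that is enforced elsewhere.
// NOTE(review): XoaDuLieu()/LuuSapXep() are defined outside this view and
// presumably read $_POST themselves - verify that they escape the posted ids.
if(isset($_GET['action'])&&$_GET['action']=='QuanLyDanhMuc'){
if(!empty($_POST['TenDanhMuc'])){
// Every posted value is escaped for its quoted SQL literal; the original left
// the checkbox value and the row id unescaped. Assumes the mysql_* link opened
// elsewhere is the current connection.
$TenDanhMuc=mysql_real_escape_string($_POST["TenDanhMuc"]);
$check=isset($_POST['KichHoat'])?$_POST['KichHoat']:null;
// Unchecked box: nothing is posted and an empty string is stored, as before.
$TrangThaiSql=(is_array($check)&&isset($check[0]))?mysql_real_escape_string($check[0]):'';
$IDDanhMuc=(isset($_POST['IDDanhMuc'])&&is_string($_POST['IDDanhMuc']))?$_POST['IDDanhMuc']:'';
if(!empty($_POST['ChuyenMuc'])){
    // A post carrying ChuyenMuc inserts by name only and prints no message.
    @mysql_query("INSERT INTO danhmuc(TenDanhMuc) VALUES('$TenDanhMuc')");
}else{
    if($IDDanhMuc!=""){
    @mysql_query("UPDATE danhmuc SET TenDanhMuc='$TenDanhMuc', TrangThai='$TrangThaiSql' WHERE IDDanhMuc = '".mysql_real_escape_string($IDDanhMuc)."'");
echo ''.$tag_sucsess.'Sửa Danh mục thành công !'.$end_tag_sucsess.'';
}else{
@mysql_query("INSERT INTO danhmuc(TenDanhMuc, TrangThai) VALUES('$TenDanhMuc', '$TrangThaiSql')");
echo ''.$tag_sucsess.'Tạo Danh mục thành công !'.$end_tag_sucsess.'';
}
}
}
if(isset($_POST['XoaDuLieu'])){
    XoaDuLieu("danhmuc","IDDanhMuc");
}
// Re-ordering is applied only when the same POST carries no delete selection.
if(isset($_POST['LuuSapXep'])&&(!isset($_POST['XoaDuLieu'])||$_POST['XoaDuLieu']=="")){
    LuuSapXep("danhmuc","IDDanhMuc");
}
$sql = @mysql_query("select * from danhmuc order by SapXep asc, IDDanhMuc asc");
// Set before the loop so the delete button keeps its confirmation prompt even
// when there are no categories.
$confirm="return confirm('Bạn chắc chắn muốn xóa những Danh Mục đã chọn này?')";
echo '<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ DANH MỤC</h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
                    <form name="form1" action=" " method="post" id="formID"> 
<table>
  <thead>
   <tr>
<th><input type="checkbox" name="Check_ctr" value="yes" onclick="checkPage(this);"></th>
<th>ID</th>
<th>Tên Danh Mục</th>
<th>Sắp xếp</th>
<th>Trạng thái</th>
<th style="width:20px">Sửa</th>
<th style="width:20px">Xóa</th>
 
</tr>
  </thead>
 <tbody>';
while ($rows = @mysql_fetch_array($sql))
{
    if($rows['TrangThai']=="1"){
        $TrangThai='<b style="color:blue">Đã Kích Hoạt</b>';
    }else{
        $TrangThai='<b style="color:red">Chưa Kích Hoạt</b>';
    }
    // URL slug for the public category page: accents stripped by
    // stripUnicode() (defined elsewhere), whitespace runs collapsed to '-'.
    // preg_replace with the same POSIX class replaces deprecated ereg_replace.
    $url=stripUnicode($rows['TenDanhMuc']);
    $url=preg_replace('/[[:space:]]+/', '-', trim($url));
    // Stored values are rendered as plain text: HTML-escape them once per row.
    $eID=htmlspecialchars($rows['IDDanhMuc'], ENT_QUOTES, 'UTF-8');
    $eTen=htmlspecialchars($rows['TenDanhMuc'], ENT_QUOTES, 'UTF-8');
    $eUrl=htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $eSapXep=htmlspecialchars($rows['SapXep'], ENT_QUOTES, 'UTF-8');
echo '<tr class=rowtwo>
<td width=22><input id="Xoa'.$eID.'" type=checkbox name=XoaDuLieu[] value="'.$eID.'" onclick="toggleCB(this);"></td>
<td width=22>'.$eID.'</td>
<td><a href="'.$link.'Danh-Muc-'.$eID.'-'.$eUrl.'.html" target="_blank">'.$eTen.'</a></td>
<td><input name="LuuSapXep['.$eID.']" type="text" class="text" value="'.$eSapXep.'" /></a></td>
<td><b>'.$TrangThai.'</b></td>
<td align=center width=22><a href="QuanLy.php?action=TaoDanhMuc&MaDanhMuc='.$eID.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
<td align=center width=22><a href="javascript://" onclick="Delete('.$eID.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
}
echo ' </table><div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            <input value="Lưu sắp xếp" id="submit2" class="submit fl-space" type="submit" style="margin-left: 10px;"/>
							</div></form>';
}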


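// "TaoDuAn": renders the create/edit form for one `duan` (project) row.
// With ?MaDuAn=<id> the row is loaded and the form is pre-filled; the form
// posts (multipart, with an optional image upload) to
// QuanLy.php?action=QuanLyDuAn.
// NOTE(review): no anti-CSRF token is emitted with this form; confirm whether
// init.php provides one, because the target action writes to the database.
// Variable names are kept as they were because includes/FormBaiViet.php is
// included in the middle of the form and shares this scope.
if(isset($_GET['action'])&&$_GET['action']=='TaoDuAn'){
    // MaDuAn arrives in the URL and is untrusted: read it once and escape it
    // separately for the SQL and the HTML context below.
    $MaDuAn=(isset($_GET['MaDuAn'])&&is_string($_GET['MaDuAn']))?$_GET['MaDuAn']:'';
    if(isset($_GET['MaDuAn'])){
        $title='Sửa dự án';
    }else{
        $title='Tạo dự án mới';
    }
echo '<div class="content-box">
				<div class="box-header clear">
					 	<h2>
                        '.$title.':
                         </h2>
				</div>
				
				<div class="box-body clear">
					 
					
					<!-- Custom Forms -->
					<div id="forms">
						<form name="form1" action="QuanLy.php?action=QuanLyDuAn" method="post" enctype="multipart/form-data">';
// Escaped for the quoted SQL literal; assumes the mysql_* link opened elsewhere
// is the current connection - TODO confirm. Parameterized queries via
// mysqli/PDO are the durable fix once the connection code is migrated.
$sql = @mysql_query("select * from duan where IDDuAn = '".mysql_real_escape_string($MaDuAn)."'");
$rows = @mysql_fetch_array($sql);
// Checkbox state. These were computed inside the category loop, which left
// them undefined when no category existed and left $checked1 undefined for a
// new project; a new project defaults to active and not flagged as news.
$checked1='';
if(!isset($_GET['MaDuAn'])){
    $checked='checked="checked"';
}else{
    $checked=($rows['TrangThai']=="1")?'checked="checked"':'';
    $checked1=($rows['TinTuc']=="1")?'checked="checked"':'';
}
// Stored values go into value="..." attributes and <textarea> bodies, so they
// are HTML-escaped; the browser decodes the entities again, and the editor
// attached to "elm1" receives the original markup.
$eMaDuAn=htmlspecialchars($MaDuAn, ENT_QUOTES, 'UTF-8');
$eTenDuAn=htmlspecialchars($rows['TenDuAn'], ENT_QUOTES, 'UTF-8');
$eLoGo=htmlspecialchars($rows['LoGo'], ENT_QUOTES, 'UTF-8');
$eMoTa=htmlspecialchars($rows['MoTa'], ENT_QUOTES, 'UTF-8');
$eGia=htmlspecialchars($rows['Gia'], ENT_QUOTES, 'UTF-8');
$eDiaChi=htmlspecialchars($rows['DiaChi'], ENT_QUOTES, 'UTF-8');
$eDescription=htmlspecialchars($rows['Description'], ENT_QUOTES, 'UTF-8');
$eTags=htmlspecialchars($rows['Tags'], ENT_QUOTES, 'UTF-8');
$eNoiDung=htmlspecialchars($rows['NoiDung'], ENT_QUOTES, 'UTF-8');
echo '<input type="text" name="IDDuAn" style="display: none;" value="'.$eMaDuAn.'" />
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Tên Dự Án:</b></label>
								<input id="textfield" class="text fl" name="TenDuAn" type="text" style="width: 490px;" value="'.$eTenDuAn.'"/>
							</div><!-- /.form-field -->

<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Danh mục:</b></label>
								 ';
  echo '<select style="width: 154px;" id="DanhMuc" name="DanhMuc">
 ';
  // One <option> per category; the project's current category is pre-selected.
  $Catory = @mysql_query("select * from danhmuc order by SapXep asc, IDDanhMuc asc");
  while ($CatoryID = @mysql_fetch_array($Catory))
    {
     if($CatoryID['IDDanhMuc']==$rows['DanhMuc']){
        $select='selected="selected"';
     }else{
        $select='';
     }
     echo '<option value="'.htmlspecialchars($CatoryID['IDDanhMuc'], ENT_QUOTES, 'UTF-8').'" '.$select.'>'.htmlspecialchars($CatoryID['TenDanhMuc'], ENT_QUOTES, 'UTF-8').'</option>';
    }
 echo '</select>';
echo '</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Ảnh đại diện:</b></label>
								<input type="file" name="file_up" style="width: 422px;" class="form-file fl"/><input name="LoGO" type="text" style="width: 250px;display:none" value="'.$eLoGo.'" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Mô tả Dự Án:</b></label>
								<textarea class="form-textarea" cols="90" rows="5" name="MoTa">'.$eMoTa.'</textarea>
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Giá Dự Án:</b></label>
								<input id="textfield" class="text fl" name="Gia" type="text" style="width: 490px;" value="'.$eGia.'"/>
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Địa chỉ:</b></label>
								<input id="textfield" class="text fl" name="DiaChi" type="text" style="width: 490px;" value="'.$eDiaChi.'"/>
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>DESCRIPTION:</b></label>
								<input id="textfield" class="text fl" name="Description" type="text" style="width: 490px;" value="'.$eDescription.'"/>
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Tags:</b></label>
								<input id="textfield" class="text fl" name="Tags" type="text" style="width: 490px;" value="'.$eTags.'"/>
							</div><!-- /.form-field -->
 ';
include ("includes/FormBaiViet.php");
echo '
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Kích Hoạt:</b></label>
								<input name="KichHoat[]" type="checkbox" '.$checked.' value="1" />
							</div><!-- /.form-field -->
<div class="form-field clear">
								<label for="textfield" class="form-label fl-space2"><b>Mục tin tức:</b></label>
								<input name="TinTuc[]" type="checkbox" '.$checked1.' value="1" />
							</div><!-- /.form-field -->
 <div class="form-field clear">
								<label  class="form-label "><b>Nội dung:</b></label>
								<textarea style="width:100%;height:400px" id="elm1" name="NoiDung">'.$eNoiDung.'</textarea>
							</div><!-- /.form-field -->
 <div class="form-field clear">
								<input class="submit fr" value="Lưu lại" type="submit"/>
							</div><!-- /.form-field -->																								
						</form>
					</div><!-- /#forms -->
				</div> <!-- end of box-body -->
			</div>
<script>CKEDITOR.replace("elm1"); </script>
';
 
echo '</table></form>';
}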
 
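// "QuanLyDuAn": saves a posted project (insert or update), applies bulk
// delete / re-ordering through XoaDuLieu() and LuuSapXep(), then shows a
// paginated project list that can be filtered by ?MaDanhMuc=<id>. Accounts
// whose permission is not '1' only see rows whose NguoiTao equals $NguoiGui.
// NOTE(review): the POST handlers here change data and no anti-CSRF token is
// checked in this block; confirm whether that is enforced elsewhere.
// NOTE(review): XoaDuLieu()/LuuSapXep() are defined outside this view and
// presumably read $_POST themselves - verify that they escape the posted ids
// and apply the same NguoiTao restriction as the list below.
// NOTE(review): the upload in $_FILES['file_up'] is not stored in this block;
// where the file is validated and how $linkLoGo is set for it is not visible.
// Variable names are kept as they were because includes/PhanTrang.php is
// included below and shares this scope.
if(isset($_GET['action'])&&$_GET['action']=='QuanLyDuAn'){
if(!empty($_POST['TenDuAn'])){
// Fields the original passed through addslashes() now use the connection-aware
// escaper. Assumes the mysql_* link opened elsewhere is the current connection.
// The mysql_* extension no longer exists in PHP 7+; parameterized queries via
// mysqli/PDO are the durable fix once the connection code is migrated.
$TenDuAn=mysql_real_escape_string($_POST["TenDuAn"]);
$Gia=mysql_real_escape_string(isset($_POST["Gia"])?$_POST["Gia"]:'');
$DiaChi=mysql_real_escape_string(isset($_POST["DiaChi"])?$_POST["DiaChi"]:'');
$DanhMuc=mysql_real_escape_string(isset($_POST["DanhMuc"])?$_POST["DanhMuc"]:'');
$MoTa=mysql_real_escape_string(isset($_POST["MoTa"])?$_POST["MoTa"]:'');
// NoiDung, Description and Tags used to be interpolated into the statement
// unescaped. If magic_quotes_gpc is enabled they arrive pre-slashed, so those
// slashes are removed first to keep the stored text the same as before.
$mq=function_exists('get_magic_quotes_gpc')&&get_magic_quotes_gpc();
$NoiDung=isset($_POST["NoiDung"])?$_POST["NoiDung"]:'';
$NoiDung=mysql_real_escape_string($mq?stripslashes($NoiDung):$NoiDung);
$Description=isset($_POST['Description'])?$_POST['Description']:'';
$Description=mysql_real_escape_string($mq?stripslashes($Description):$Description);
$Tags=isset($_POST['Tags'])?$_POST['Tags']:'';
$Tags=mysql_real_escape_string($mq?stripslashes($Tags):$Tags);
// Checkbox groups: element 0 when ticked, otherwise an empty string as before.
$check=isset($_POST['KichHoat'])?$_POST['KichHoat']:null;
$TinTuc=isset($_POST['TinTuc'])?$_POST['TinTuc']:null;
$TrangThaiSql=(is_array($check)&&isset($check[0]))?mysql_real_escape_string($check[0]):'';
$TinTucSql=(is_array($TinTuc)&&isset($TinTuc[0]))?mysql_real_escape_string($TinTuc[0]):'';
// Without a new upload the hidden LoGO field carries the existing image path.
// It is client-controlled, so it is escaped like any other posted value.
if(!isset($_FILES['file_up'])||$_FILES['file_up']['size']==0){
    $linkLoGo=isset($_POST["LoGO"])?$_POST["LoGO"]:'';
}
$LoGoSql=mysql_real_escape_string(isset($linkLoGo)?$linkLoGo:'');
$IDDuAn=(isset($_POST['IDDuAn'])&&is_string($_POST['IDDuAn']))?$_POST['IDDuAn']:'';
// NOTE(review): $NguoiGui is set outside this view (presumably the current
// user's id) and is interpolated as-is; confirm it is not request-derived.
// NOTE(review): the UPDATE is not limited to rows owned by $NguoiGui, unlike
// the list query below - confirm whether permission-2 accounts may edit any id.
    if($IDDuAn!=""){
    @mysql_query("UPDATE duan SET TenDuAn='$TenDuAn', NoiDung='$NoiDung', NguoiTao='$NguoiGui', Gia='$Gia', DiaChi='$DiaChi', DanhMuc='$DanhMuc', TrangThai='$TrangThaiSql', LoGo='$LoGoSql', MoTa='$MoTa', Tags='$Tags', Description='$Description', TinTuc='$TinTucSql' WHERE IDDuAn = '".mysql_real_escape_string($IDDuAn)."'");
echo ''.$tag_sucsess.'Sửa Dự án thành công !'.$end_tag_sucsess.'';
}else{
@mysql_query("INSERT INTO duan(TenDuAn, NoiDung, NguoiTao, Gia, DiaChi, DanhMuc, TrangThai, LoGo, MoTa, Description, Tags, TinTuc) VALUES('$TenDuAn', '$NoiDung', '$NguoiGui', '$Gia', '$DiaChi', '$DanhMuc', '$TrangThaiSql', '$LoGoSql', '$MoTa', '$Description', '$Tags', '$TinTucSql')");
echo ''.$tag_sucsess.'Tạo Dự án thành công !'.$end_tag_sucsess.'';
 
}
}
if(isset($_POST['XoaDuLieu'])){
    XoaDuLieu("duan","IDDuAn");
}
// Re-ordering is applied only when the same POST carries no delete selection.
if(isset($_POST['LuuSapXep'])&&(!isset($_POST['XoaDuLieu'])||$_POST['XoaDuLieu']=="")){
    LuuSapXep("duan","IDDuAn");
}

// Permission '1' sees every project; other accounts only their own.
if($member1['permission']=='1'){
    $query='';
}else{
    $query="and NguoiTao = '$NguoiGui'";
}

// Optional category filter from the URL, escaped before it enters the WHERE
// clause. The else branch is an always-true placeholder so that $query can be
// appended with "and".
$MaDanhMuc=(isset($_GET['MaDanhMuc'])&&is_string($_GET['MaDanhMuc']))?$_GET['MaDanhMuc']:null;
if($MaDanhMuc!=0){
    $where="where DanhMuc = '".mysql_real_escape_string($MaDanhMuc)."'";
}else{
    $where="where DanhMuc != 'a'";
}

$sqll = @mysql_query("select * from duan $where $query order by SapXep asc, IDDuAn desc");
$sotin=30;
// NOTE(review): round() rather than ceil() - whether the last partial page is
// reachable depends on phantrang(), which is not visible here.
$totalpage=round((@mysql_num_rows($sqll)/$sotin),0);
// NOTE(review): the raw query string is handed to phantrang() and the result
// is echoed below as HTML; confirm that PhanTrang.php escapes it when building
// links, otherwise request data is reflected into the page.
$linkss="QuanLy.php?".$_SERVER["QUERY_STRING"]."&page=%s";
include("includes/PhanTrang.php");
$PhanTrang=phantrang(isset($_GET['page'])?$_GET['page']:null, $totalpage, $linkss, $show);
// $page / $page1 are presumably set by PhanTrang.php; LIMIT accepts integers
// only, so both are cast before they reach the statement.
$sql = @mysql_query("select * from duan $where $query order by SapXep asc, IDDuAn desc limit ".(int)$page.", ".(int)$page1);
// Set before the loop so the delete button keeps its confirmation prompt even
// when the list is empty.
$confirm="return confirm ('Bạn chắc chắn muốn xóa những Dự Án đã chọn này?');";

echo ' 
<!-- CONTENT BOXES -->
			<div class="content-box">
				<div class="box-header clear">
					<h2>QUẢN LÝ DỰ ÁN <div style="float:right;margin-right:20px">Xem theo danh mục: <select style="width: 154px;" id="DanhMuc" name="DanhMuc" onchange="location = this.options[this.selectedIndex].value;"><option value="QuanLy.php?action=QuanLyDuAn&MaDanhMuc=0" '.$select.'>----Tất cả----</option>
 ';
  $Catory = @mysql_query("select * from danhmuc order by SapXep asc, IDDanhMuc asc");
  while ($CatoryID = @mysql_fetch_array($Catory))
    {
     if($CatoryID['IDDanhMuc']==$MaDanhMuc){
        $select='selected="selected"';
     }else{
        $select='';
     }
     
     echo '<option value="QuanLy.php?action=QuanLyDuAn&MaDanhMuc='.htmlspecialchars($CatoryID['IDDanhMuc'], ENT_QUOTES, 'UTF-8').'" '.$select.'>'.htmlspecialchars($CatoryID['TenDanhMuc'], ENT_QUOTES, 'UTF-8').'</option>';
    }
 echo '</select></div></h2>
				</div>
				
				<div class="box-body clear">
					
				<!-- TABLE -->
					<div style="display: block;" id="table">
					
						<form method="post" action="" id="formID">
<table>
							<thead>
								<tr>
									<th><input class="checkbox select-all" type="checkbox"/></th>
								 <th>ID</th>
                                 <th>LoGo</th>
                                <th>Tên Dự Án</th>
                                <th>Giá</th>
                                <th>Địa chỉ</th>
                                <th>Danh Mục</th>
                                <th>Người tạo</th>
                                <th>Trạng thái</th>
                                <th>Sắp xếp</th>
                                <th style="width:20px">Sửa</th>
                                <th style="width:20px">Xóa</th>
								</tr>
							</thead>
							
							<tbody>
';
while ($rows = @mysql_fetch_array($sql))
{
    if($rows['TrangThai']=="1"){
        $TrangThai='<b style="color:blue">Đã Kích Hoạt</b>';
    }else{
        $TrangThai='<b style="color:red">Chưa Kích Hoạt</b>';
    }
    // URL slug for the public project page: accents stripped by stripUnicode()
    // (defined elsewhere), whitespace runs collapsed to '-'. preg_replace with
    // the same POSIX class replaces the deprecated ereg_replace.
    $url=stripUnicode($rows['TenDuAn']);
    $url=preg_replace('/[[:space:]]+/', '-', trim($url));
    // Stored values are rendered as plain text: HTML-escape them once per row.
    $eID=htmlspecialchars($rows['IDDuAn'], ENT_QUOTES, 'UTF-8');
    $eUrl=htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $eLoGo=htmlspecialchars($rows['LoGo'], ENT_QUOTES, 'UTF-8');
    $eTenDuAn=htmlspecialchars($rows['TenDuAn'], ENT_QUOTES, 'UTF-8');
    $eGia=htmlspecialchars($rows['Gia'], ENT_QUOTES, 'UTF-8');
    $eDiaChi=htmlspecialchars($rows['DiaChi'], ENT_QUOTES, 'UTF-8');
    $eSapXep=htmlspecialchars($rows['SapXep'], ENT_QUOTES, 'UTF-8');
echo '<tr class=rowtwo>
<td align=center width=22><input type=checkbox name=XoaDuLieu[] value="'.$eID.'" onclick="toggleCB(this);" id="Xoa'.$eID.'"></td>
<td align=right>'.$eID.'</td>
<td><a href="'.$link.'Du-An-'.$eID.'-'.$eUrl.'.html" target="_blank"><img src="'.$link.$eLoGo.'" style="width: 50px;height: 50px;" /></a></td>
<td><a href="'.$link.'Du-An-'.$eID.'-'.$eUrl.'.html" target="_blank"><b style=" ">'.$eTenDuAn.'</b></a></td>
<td><b style="color:red">'.$eGia.'</b></td>
<td><i>'.$eDiaChi.'</i></td>';
// Per-row lookups of the category name and the creator's username.
$sqla = @mysql_query("select TenDanhMuc from danhmuc where IDDanhMuc = '".mysql_real_escape_string($rows['DanhMuc'])."'");
$rowsa = @mysql_fetch_array($sqla);
echo '<td><b>'.htmlspecialchars($rowsa['TenDanhMuc'], ENT_QUOTES, 'UTF-8').'</b></td>';
$sqla = @mysql_query("select username from users where userid = '".mysql_real_escape_string($rows['NguoiTao'])."'");
$rowsa = @mysql_fetch_array($sqla);
echo '<td><b>'.htmlspecialchars($rowsa['username'], ENT_QUOTES, 'UTF-8').'</b></td>';

echo ' <td><b>'.$TrangThai.'</b></td>
<td width=20><input class="text" style="width:30px" name="LuuSapXep['.$eID.']" type="text" value="'.$eSapXep.'" /></td>
 <td align=center width=22><a href="QuanLy.php?action=TaoDuAn&MaDuAn='.$eID.'"><img width=20 height=20 border=0 src="admincp/img/icons/edit.png" title="Sửa bản ghi này"></a></td>
 <td align=center width=22><a href="javascript://" onclick="Delete('.$eID.');"><img width=20 height=20 border=0 src="admincp/images/ico_delete_16.png" title="Xóa bản ghi này"></a></td>
</tr>';
}
echo '</tbody>
						</table> 
                        <div class="tab-footer clear">
							<div class="fl">
							<input value="Xóa" id="submit2" class="submit fl-space" type="submit" onclick="'.$confirm.'"/>
                            <input value="Lưu sắp xếp" id="submit2" class="submit fl-space" type="submit" style="margin-left: 10px;"/>
							</div>
                           '.$PhanTrang.'
							</div> ';
}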
 
?> 

</div><!-- end of page -->
		
		</div>
	</div>
</div>
</body>
</html>	
<?php endif; ?>
<?php
// Include file config.php
// init.php is already required at the top of this file, so require_once does
// not load it a second time if the path resolves to the same file.
require_once('../includes/init.php');
// Requests without a session user id get the login page instead of the panel.
// A session whose permission is neither "1" nor "2" matches neither this
// branch nor the admin branch at the top of the file, so it gets no output.
if (!isset($_SESSION['userid'])) : ?>
<?php include_once('DangNhap.php');?>
<?php endif; ?>	